Is there a way the to secure proxy user/passwords for Vagrant configs?

Question

I am working through several use cases with Vagrant and have been having difficulty coming up with a good solution for handling corporate proxies in an elegant way. In my initial Vagrantfile, I ended up with this config for apt.conf

user = 'me'
pwd = 'mypwd'    
config.vm.provision :shell, :inline => "echo 'Acquire::http::Proxy \"http://#{user}:#{pwd}@proxy.corp.com:3210\";' >> /etc/apt/apt.conf"
config.vm.provision :shell, :inline => "echo 'Acquire::https::Proxy \"http://#{user}:#{pwd}@proxy.corp.com:3210\";' >> /etc/apt/apt.conf"
config.vm.provision :shell, :inline => "echo 'Acquire::socks::Proxy \"http://#{user}:#{pwd}@proxy.corp.com:3128\";' >> /etc/apt/apt.conf"

Obviously, I want to avoid having my user/password stored in the Vagrantfile since I am planning on keeping it under version control. My next attempt was to prompt from within the Vagrantfile using the highline plugin, but that causes the prompt to appear during every vagrant command and not just during init (when this config would apply).

Am I going about this the wrong way? If so, what other options are available to deal with proxy configuration that fits well into the Vagrant model?

Answer 1

You could do this in the following way:

Create a file called proxy.yml and add it to your .gitignore so that it doesn't get committed.

Then inside your Vagrantfile you could have something like this:

if File.exist?("proxy.yml")
    require 'yaml'
    proxy = YAML::load(File.open('proxy.yml'))
    config.vm.provision :shell, :inline => "echo 'Acquire::http::Proxy \"http://#{proxy['user']}:#{proxy['pass']}@proxy.corp.com:3210\";' >> /etc/apt/apt.conf"
end

The contents of proxy.yml would be:

user: "username"
pass: "password"

Answer 2

You can use vagrant-proxyconf plugin:

vagrant plugin install vagrant-proxyconf

As you probably want to use the same settings for all Vagrant VMs, you can put the configuration to ~/.vagrant.d/Vagrantfile (which is local to your machine):

config.apt_proxy.http = "http://me:[email protected]:3210"

Apt uses by default the same proxy with HTTPS URIs too, so you shouldn't need to specify it in your case.

Other option is to pass the configuration with environment variables. For example on command line, ~/.bashrc, etc.:

export VAGRANT_APT_HTTP_PROXY="http://me:[email protected]:3210"

The plugin can also configure proxies for the whole VM, not only for Apt.